[ntp:security] NTP security release VU#961909
amanion at cert.org
Thu Feb 22 00:17:21 UTC 2018
On 2/21/18 7:10 PM, Harlan Stenn wrote:
> So I should list/track all of the security issues listed for p11 under
> VU#961909 ?
Yes, VU#961909 tracks all the CVE IDs which I suspect map to all of the security issues under p11. Yes, a bit of a mess.
> We have CVE numbers for all of them.
> I didn't include them in the release as information about the bugs and
> their fixes are generally embargoed.
> Mitre already has the descriptions from when I opened the CVE requests,
> and they said they'd fill out the details when we went public.
> I'm happy to send CERT the details now, if you prefer.
As long as they're issued and MITRE has descriptions, we're good. I would suggest referencing the CVE IDs in whatever information you make public, such as an advisory and/or bug tracker tickets. That's a great help to everyone tracking vulnerabilities.
More information about the security